Information on the server included patients' names, addresses, phone numbers, diagnosis/procedure codes and Social Security numbers. The breach was discovered on Nov. 12, 2010, and patient notification began on Jan. 11.